OpenStack: Network Creation Script

Hi All! The past few months have been very busy, and lots of work on OpenStack. I have quite a bit to share, but for today let’s look at how I automated OpenStack network creation.

Here is the script. The article below discusses the manual steps that the script automates. You do want to read the article, but if you are impatient (like me) and just want to get the good stuff and get moving, get the os-create-network-sh.txt script, rename it to os-create-network.sh, read it, and use it as you like. Remember…no warranties! Something breaks, and you own it. The script is idempotent; it checks carefully to see if objects are already created and doesn’t try to “re-add” them if they already exist.

I use Neutron Networking (Icehouse) but that’s a different article (and a fun one!). For today, I’ll show you the script for creating tenant networks, attaching them to the external network, and verifying the results. I’m assuming you have a complete OpenStack stack except for a Compute node (and VMs, of course). Also, you can see Icehouse Neutron Initial Networks for more info.

On our Neutron nodes we defined three interfaces: eth0 is Management, eth1 is Data (Guest VM traffic), and eth2 is External (DMZ VLAN 106). First we create the External network; this is the path to the outside world:

OK, we have an external network and subnet created. Let’s create a tenant network; in my case, our tenants get only internal, isolated networks. All communication is over GRE via the Neutron Controller. I also VLAN this network separately, but that’s a different and more advanced discussion.

So each tenant will have its own tenant network, and each network is isolated and independent of one another. This means the networks can overlap; thus, we’ll use 10.0.0.0/24 for each network and let Neutron sort everything out. Here’s an example for the DEMO tenant:

A bit of explanation is in order here…you no doubt see a reference to 192.168.1.2. For my setup, I actually have the concept of “DMZ-within-DMZ”; I use the big 172.20.128.0/18 private Class B subnet for all of my tenants to share their “external” addresses; but I also have a standard 192.168.1.0/24 network that I get with my cheapie Linksys router. Because the only thing between the 192.168.1.0/24 network and the Big, Bad Internet is the cheapie router, I want to insulate my tenants and developers from that network. Besides, I only have 254 IP addresses available on the 192.168.1.0/24 subnet; why waste them on a bunch of VMs that only require internal access?

The net result is that I keep my DNS and OpenLDAP on the 192.168.1.0/24 subnet, and I have a couple of software routers to handle getting things around.

Anyways, we have our tenant-specific network / subnet created. Now we need a router to get us to the external network:

The router is just a database record entry for now. Let’s make it “real” by adding some interfaces to it. We need the internal (Demo) subnet, so let’s add that first. This permits VMs on the Demo subnet to have a default gateway:
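The whole sequence above (external net and subnet, tenant net and subnet, router, internal interface, external gateway) as an added example. This is not the post’s os-create-network-sh.txt; it is a small POSIX shell script written here against the Icehouse neutron CLI that follows the same idempotency rule: show first, create only when missing. The 172.20.128.0/18 and 10.0.0.0/24 ranges are the post’s; the object names, gateway address, floating-IP pool and the NEUTRON override variable are assumptions.

```shell
#!/bin/sh
# Added example, not the post's script: idempotent Icehouse "neutron" CLI bring-up of the
# external net, one isolated tenant net and the router that joins them.
# Names, gateway and floating pool are assumptions; override them from the environment.
# NEUTRON lets the calls be pointed at a wrapper (e.g. a dry-run stub) instead of the CLI.
NEUTRON="${NEUTRON:-neutron}"
EXT_NET="${EXT_NET:-ext-net}"; EXT_CIDR="${EXT_CIDR:-172.20.128.0/18}"
EXT_GW="${EXT_GW:-172.20.128.1}"
EXT_POOL="${EXT_POOL:-start=172.20.129.10,end=172.20.129.250}"
TENANT="${TENANT:-demo}"; TENANT_CIDR="${TENANT_CIDR:-10.0.0.0/24}"
TENANT_GW="${TENANT_GW:-10.0.0.1}"

# exists KIND NAME: the object is already in Neutron's DB when "<kind>-show NAME" succeeds
exists() { "$NEUTRON" "$1-show" "$2" >/dev/null 2>&1; }

# ensure KIND NAME CREATE-ARGS...: create only when missing, so re-runs never "re-add"
ensure() {
  _kind=$1; _name=$2; shift 2
  if exists "$_kind" "$_name"; then echo "$_kind $_name exists, skipping"; return 0; fi
  "$NEUTRON" "$_kind-create" "$@"
}

# attach_subnet ROUTER SUBNET: router-interface-add fails if repeated, so first look for
# an existing router port on that subnet (its id shows up in router-port-list's fixed_ips)
attach_subnet() {
  _sid=$("$NEUTRON" subnet-show -f value -c id "$2"); [ -n "$_sid" ] || return 1
  if "$NEUTRON" router-port-list "$1" | grep -q "$_sid"; then
    echo "router $1 already has a port on $2, skipping"; return 0
  fi
  "$NEUTRON" router-interface-add "$1" "$2"
}

create_networks() {
  # External network (eth2/DMZ side): no DHCP, floating IPs come from a fixed pool
  ensure net "$EXT_NET" "$EXT_NET" --router:external=True
  ensure subnet "$EXT_NET-subnet" "$EXT_NET" --name "$EXT_NET-subnet" --disable-dhcp \
    --gateway "$EXT_GW" --allocation-pool "$EXT_POOL" "$EXT_CIDR"
  # Tenant network: an isolated GRE segment, so 10.0.0.0/24 can repeat for every tenant
  ensure net "$TENANT-net" "$TENANT-net"
  ensure subnet "$TENANT-subnet" "$TENANT-net" --name "$TENANT-subnet" \
    --gateway "$TENANT_GW" "$TENANT_CIDR"
  # Router: the internal interface is the VMs' default gateway, gateway-set is the DMZ path
  ensure router "$TENANT-router" "$TENANT-router"
  attach_subnet "$TENANT-router" "$TENANT-subnet"
  "$NEUTRON" router-gateway-set "$TENANT-router" "$EXT_NET"   # an update, safe to repeat
}

if [ "${1:-}" = "--run" ]; then create_networks; fi
```

Run it with the usual OS_* credentials exported and the `--run` argument; a second run should only print “skipping” lines.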